91 lines
3.7 KiB
YAML
91 lines
3.7 KiB
YAML
---
|
|
- name: 0. Generate keycloak auth token
|
|
ansible.builtin.uri:
|
|
url: "{{ keycloak_url }}{{ keycloak_context }}/realms/master/protocol/openid-connect/token"
|
|
method: POST
|
|
body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
|
|
validate_certs: no
|
|
register: keycloak_auth_response
|
|
until: keycloak_auth_response.status == 200
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- name: 1. Determine if realm exists
|
|
ansible.builtin.uri:
|
|
url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}"
|
|
method: GET
|
|
status_code:
|
|
- 200
|
|
- 404
|
|
headers:
|
|
Accept: "application/json"
|
|
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
|
|
register: keycloak_realm_exists
|
|
|
|
|
|
- name: 2. update a keycloak realm
|
|
community.general.keycloak_realm:
|
|
auth_client_id: "{{ keycloak_auth_client }}"
|
|
auth_keycloak_url: "{{ keycloak_url }}{{ keycloak_context }}"
|
|
auth_realm: "{{ keycloak_auth_realm }}"
|
|
auth_username: "{{ keycloak_admin_user }}"
|
|
auth_password: "{{ keycloak_admin_password }}"
|
|
realm: "{{ item.realm }}"
|
|
login_theme: "{{ keycloak_login_theme }}"
|
|
loop: "{{ keycloak_clients | flatten }}"
|
|
|
|
- name: 3. Validate Keycloak clients
|
|
ansible.builtin.assert:
|
|
that:
|
|
- item.name is defined and item.name | length > 0
|
|
- (item.client_id is defined and item.client_id | length > 0) or (item.id is defined and item.id | length > 0)
|
|
fail_msg: "For each keycloak client, attributes `name` and either `id` or `client_id` is required"
|
|
quiet: True
|
|
loop: "{{ keycloak_clients | flatten }}"
|
|
loop_control:
|
|
label: "{{ item.name | default('unnamed client') }}"
|
|
|
|
|
|
- name: 4. update a Keycloak client
|
|
community.general.keycloak_client:
|
|
auth_client_id: "{{ keycloak_auth_client }}"
|
|
auth_keycloak_url: "{{ keycloak_url }}{{ keycloak_context }}"
|
|
auth_realm: "{{ keycloak_auth_realm }}"
|
|
auth_username: "{{ keycloak_admin_user }}"
|
|
auth_password: "{{ keycloak_admin_password }}"
|
|
realm: "{{ item.realm }}"
|
|
default_roles: "{{ item.roles | default(omit) }}"
|
|
client_id: "{{ item.client_id | default(omit) }}"
|
|
id: "{{ item.id | default(omit) }}"
|
|
name: "{{ item.name | default(omit) }}"
|
|
description: "{{ item.description | default(omit) }}"
|
|
root_url: "{{ item.root_url | default('') }}"
|
|
admin_url: "{{ item.admin_url | default('') }}"
|
|
base_url: "{{ item.base_url | default('') }}"
|
|
enabled: "{{ item.enabled | default(True) }}"
|
|
redirect_uris: "{{ item.redirect_uris | default(omit) }}"
|
|
web_origins: "{{ item.web_origins | default('+') }}"
|
|
bearer_only: "{{ item.bearer_only | default(omit) }}"
|
|
standard_flow_enabled: "{{ item.standard_flow_enabled | default(omit) }}"
|
|
implicit_flow_enabled: "{{ item.implicit_flow_enabled | default(omit) }}"
|
|
direct_access_grants_enabled: "{{ item.direct_access_grants_enabled | default(omit) }}"
|
|
service_accounts_enabled: "{{ item.service_accounts_enabled | default(omit) }}"
|
|
public_client: "{{ item.public_client | default(False) }}"
|
|
protocol: "{{ item.protocol | default(omit) }}"
|
|
state: present
|
|
register: create_client_result
|
|
loop: "{{ keycloak_clients | flatten }}"
|
|
when: (item.name is defined and item.client_id is defined) or (item.name is defined and item.id is defined)
|
|
|
|
- name: 5. Dependency deploy scale down
|
|
command: "kubectl -n {{ cmoa_namespace }} scale --replicas=0 deploy imxc-api noti-server auth-server zuul-deployment"
|
|
|
|
- name: 6. Dependency deploy scale up
|
|
command: "kubectl -n {{ cmoa_namespace }} scale --replicas=1 deploy imxc-api noti-server auth-server zuul-deployment"
|
|
register: restart
|
|
|
|
- debug:
|
|
msg: "{{restart.stdout_lines}}"
|
|
|
|
|